summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorPeer Beckmann <[email protected]>2017-04-03 23:16:32 +0200
committerMatt Holt <[email protected]>2017-04-03 15:16:31 -0600
commitc0ce2b1d50b7ed78199776ea791a999500d3e863 (patch)
treec3364016bc6339b9da3be22b0c4e524775416b0e
parent59bf71c2932c3b814a6a1211c492a1aa9f71d4a1 (diff)
downloadcaddy-c0ce2b1d50b7ed78199776ea791a999500d3e863.tar.gz
caddy-c0ce2b1d50b7ed78199776ea791a999500d3e863.zip
proxy: Respect insecure_skip_verify for health check (#1558)
* Respect the 'insecure_skip_verify' for the health check. * WIP: Trying to add a test. Non functional. * Fixing tests. * Creating better error messages. * Optimize two more error messages. * Move the tests into an extra function.
-rw-r--r--caddyhttp/proxy/upstream.go5
-rw-r--r--caddyhttp/proxy/upstream_test.go38
2 files changed, 42 insertions, 1 deletions
diff --git a/caddyhttp/proxy/upstream.go b/caddyhttp/proxy/upstream.go
index 303f986c4..4995a48f2 100644
--- a/caddyhttp/proxy/upstream.go
+++ b/caddyhttp/proxy/upstream.go
@@ -13,6 +13,8 @@ import (
"sync/atomic"
"time"
+ "crypto/tls"
+
"github.com/mholt/caddy/caddyfile"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
@@ -112,6 +114,9 @@ func NewStaticUpstreams(c caddyfile.Dispenser) ([]Upstream, error) {
if upstream.HealthCheck.Path != "" {
upstream.HealthCheck.Client = http.Client{
Timeout: upstream.HealthCheck.Timeout,
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: upstream.insecureSkipVerify},
+ },
}
upstream.wg.Add(1)
go func() {
diff --git a/caddyhttp/proxy/upstream_test.go b/caddyhttp/proxy/upstream_test.go
index d84c366e5..b581cca66 100644
--- a/caddyhttp/proxy/upstream_test.go
+++ b/caddyhttp/proxy/upstream_test.go
@@ -279,7 +279,7 @@ func TestParseBlock(t *testing.T) {
for i, test := range tests {
upstreams, err := NewStaticUpstreams(caddyfile.NewDispenser("Testfile", strings.NewReader(test.config)))
if err != nil {
- t.Error("Expected no error. Got:", err.Error())
+ t.Errorf("Expected no error. Got: %s", err.Error())
}
for _, upstream := range upstreams {
headers := upstream.Select(r).UpstreamHeaders
@@ -298,3 +298,39 @@ func TestParseBlock(t *testing.T) {
}
}
}
+
+func TestHealthSetUp(t *testing.T) {
+ // tests for insecure skip verify
+ isv_tests := []struct {
+ config string
+ flag bool
+ }{
+ // Test #1: without flag
+ {"proxy / localhost:8080 {\n health_check / \n}", false},
+
+ // Test #2: with flag
+ {"proxy / localhost:8080 {\n health_check / \n insecure_skip_verify \n}", true},
+ }
+
+ for i, test := range isv_tests {
+ upstreams, err := NewStaticUpstreams(caddyfile.NewDispenser("Testfile", strings.NewReader(test.config)))
+ if err != nil {
+ t.Errorf("Expected no error. Got: %s", err.Error())
+ }
+ for _, upstream := range upstreams {
+ staticUpstream, ok := upstream.(*staticUpstream)
+ if !ok {
+ t.Errorf("type mismatch: %#v", upstream)
+ continue
+ }
+ transport, ok := staticUpstream.HealthCheck.Client.Transport.(*http.Transport)
+ if !ok {
+ t.Errorf("type mismatch: %#v", staticUpstream.HealthCheck.Client.Transport)
+ continue
+ }
+ if test.flag != transport.TLSClientConfig.InsecureSkipVerify {
+ t.Errorf("test %d: expected transport.TLSClientCnfig.InsecureSkipVerify=%v, got %v", i, test.flag, transport.TLSClientConfig.InsecureSkipVerify)
+ }
+ }
+ }
+}